django1/docs/releases/1.3.txt

============================================
Django 1.3 release notes - UNDER DEVELOPMENT
============================================

This page documents release notes for the as-yet-unreleased Django
1.3. As such, it's tentative and subject to change. It provides
up-to-date information for those who are following trunk.

Django 1.3 includes a number of nifty `new features`_, lots of bug
fixes and an easy upgrade path from Django 1.2.

.. _new features: `What's new in Django 1.3`_

.. _backwards-incompatible-changes-1.3:

Backwards-incompatible changes in 1.3
=====================================

PasswordInput default rendering behavior
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Prior to Django 1.3, a :class:`~django.forms.PasswordInput` would render
data values like any other form. If a form submission raised an error,
the password that was submitted would be reflected to the client as form
data populating the form for resubmission.

This had the potential to leak passwords, as any failed password
attempt would cause the password that was typed to be sent back to the
client.

In Django 1.3, the default behavior of
:class:`~django.forms.PasswordInput` is to suppress the display of
password values. This change doesn't alter the way form data is
validated or handled. It only affects the user experience with
passwords on a form when they make an error submitting form data (such
as on unsuccessful logins, or when completing a registration form).

If you want restore the pre-Django 1.3 behavior, you need to pass in a
custom widget to your form that sets the ``render_value`` argument::

    class LoginForm(forms.Form):
        username = forms.CharField(max_length=100)
        password = forms.PasswordField(widget=forms.PasswordInput(render_value=True))

.. _deprecated-features-1.3:

Features deprecated in 1.3
==========================

Django 1.3 deprecates some features from earlier releases.
These features are still supported, but will be gradually phased out
over the next few release cycles.

Code taking advantage of any of the features below will raise a
``PendingDeprecationWarning`` in Django 1.3. This warning will be
silent by default, but may be turned on using Python's `warnings
module`_, or by running Python with a ``-Wd`` or `-Wall` flag.

.. _warnings module: http://docs.python.org/library/warnings.html

In Django 1.4, these warnings will become a ``DeprecationWarning``,
which is *not* silent. In Django 1.5 support for these features will
be removed entirely.

.. seealso::

    For more details, see the documentation :doc:`Django's release process
    </internals/release-process>` and our :doc:`deprecation timeline
    </internals/deprecation>`.`

``mod_python`` support
~~~~~~~~~~~~~~~~~~~~~~

The ``mod_python`` library has not had a release since 2007 or a commit since
2008. The Apache Foundation board voted to remove ``mod_python`` from the set
of active projects in its version control repositories, and its lead developer
has shifted all of his efforts toward the lighter, slimmer, more stable, and
more flexible ``mod_wsgi`` backend.

If you are currently using the ``mod_python`` request handler, it is strongly
encouraged you redeploy your Django instances using :doc:`mod_wsgi
</howto/deployment/modwsgi>`.

What's new in Django 1.3
========================